Are clinical information systems safe?

Abstract

Safety critical certification ensures that a catastrophic failure cannot occur in the operation of a computer system. It is well established for computers that control nuclear reactors and aircraft. Certification is time consuming, bureaucratic, and expensive and relies on analysis rather than experiment. Most existing clinical information systems do not have safety critical certification and probably could not be certified retrospectively. As clinical information systems include those for patient administration, general practice, hospital information, and medical audit, the cost and disruption of safety critical certification could be enormous. Nevertheless, some recent events have focused attention on this issue. The deaths caused by the Therac-25 radiation therapy machine provided an example of a computer system directly harming patients1 - a clear case for safety critical certification. Information systems, however, do not act directly on patients, and in theory patients should be protected from any form …